Commit Graph

38 Commits

Author SHA1 Message Date
Ruslan Ermilov
c0956cf876 Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
Ruslan Ermilov
3843533e18 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
Poul-Henning Kamp
84ef95bd6e Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
Josef Karthauser
d782daf041 Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
Josef Karthauser
dc2ea2d874 When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
Kris Kennaway
04d06bb686 Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
Ruslan Ermilov
bc4ebb98dc Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
2000-06-27 15:26:24 +00:00
Ruslan Ermilov
dc1a022582 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
Ruslan Ermilov
b0f55af68f Remove unused parameter. 2000-06-16 09:41:57 +00:00
Ruslan Ermilov
11c2b3bf00 Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by:	brian
2000-05-18 10:31:10 +00:00
Ruslan Ermilov
4330006d9e New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
Josef Karthauser
30395bb5f1 Fixes a potential buffer overflow with the command line arguments.
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
2000-04-30 20:53:54 +00:00
Ruslan Ermilov
bd69051080 Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
Ruslan Ermilov
d99cc1da8a Remove the config file line length restriction.
PR:		16900
Reviewed by:	"Crist J. Clark" <cjclark@home.com>, jkh
Approved by:	jkh
2000-02-25 11:34:38 +00:00
Ruslan Ermilov
6f3dbe5e1a Now that kernel is capable of notifying user processes about
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.

PR:		15494
2000-01-25 12:24:06 +00:00
Ruslan Ermilov
4c04fa4c1a ioctl -> sysctl for interface address changes.
PR:		14169
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-13 09:00:16 +00:00
Ruslan Ermilov
f2da55a243 Do not defer setting of the aliasing address from
interface name if not operating in dynamic mode.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-28 08:01:46 +00:00
Ruslan Ermilov
2e7e7c71ef Config file parser changes:
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-07 15:34:12 +00:00
Ruslan Ermilov
cd45c931f6 Allow signals to interrupt system calls.
Remove redundant signal() call.

PR:		6676
Submitted by:	luoqi
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-02 15:17:25 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Archie Cobbs
eed2b804bf When incrementing through a SIOCGIFCONF list, enforce a lower limit of
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.

Obtained from:  Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
                SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
1999-06-05 05:55:07 +00:00
Brian Somers
29d97436c5 Oops - missing parenthesis 1999-05-13 17:09:44 +00:00
Brian Somers
9c501140f7 /sbin/natd portrange documentation and bugfix
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
PR:		11690

3.2 candidate ?
1999-05-13 16:58:31 +00:00
Warner Losh
ebe70c8f68 More egcs warning fixes:
o main returns int not void
	o use braces to avoid potentially ambiguous else

Note: The fix to natd is potentially functional in nature since I used
the indentation as the right thing rather than the struct semantics.
Someone more familiar with the code should double check me on this one.

Reviewed by: obrien and chuckr
1999-04-25 22:33:30 +00:00
Brian Somers
f3d640240b Disable reads on our ICMP socket. We only use it for sending.
PR:	9253
1999-03-30 10:11:21 +00:00
Brian Somers
902cb50a76 Add some const-cleanliness and avoid some warnings. 1999-03-24 20:30:48 +00:00
Brian Somers
5d8ee958b3 Allow port ranges when specifying -redirect_port.
Submitted by:	Wes Santee <wes@bogon.net>
PR:		9696
1999-03-24 20:30:20 +00:00
Brian Somers
b71e869d29 Fix a diagnostic typo
Submitted by:  Martin Machacek <mm@i.cz>
1999-03-11 09:24:52 +00:00
Brian Somers
59a7c61374 Upgrade (almost) to natd 2.0b1
- Transparent proxy support.
  - PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
  - Drop support for early FreeBSD 2.2 versions
  - If separate input & output sockets are being used
    use them to find out packet direction instead of
    normal mechanism. This can be handy in complex environments
    with multiple interfaces.
  - PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
  - Logging enhancements from Martin Machacek <mm@i.cz> added.

Obtained from: Ari Suutari <ari@suutari.iki.fi>
1999-03-07 18:23:56 +00:00
Jordan K. Hubbard
f627793d19 Make this work with the new alias library since, evidently, we're
not providing the backwards-compatability routines in libalias anymore
(which I think may have been a mistake).
1999-02-27 22:37:38 +00:00
Alexander Langer
f13f9fada7 Typo/$Id$ police. 1997-12-27 19:31:11 +00:00
Brian Somers
67a886fb97 natd 1_10 => 1_11
Cosmetic style changes
  Use u_short for port values.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-12-10 02:14:57 +00:00
Brian Somers
27c20503c6 Reverse my previous change and use htons() on an int
instead of htonl() !

This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.

If this isn't fixed properly soon (by the author) I'll
have a look at it again.

Noted by:	eivind & ari@suutari.iki.fi
1997-12-06 12:00:32 +00:00
Brian Somers
5ae6fac1d7 Use htonl() rather than htons(). 1997-11-13 11:43:02 +00:00
Philippe Charnier
0fc81af12d Use err(3). Change firewall to firewall_enable in man page according to
/etc/rc.conf.
1997-10-02 11:43:33 +00:00
Brian Somers
f9b06d5cbe Ingored incoming packets are now dropped when
deny_incoming option is set to yes.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-09-06 11:14:03 +00:00
Brian Somers
fb994b078f - Buffer space problem found by Sergio Lenzi <lenzi@bsi.com.br>
fixed. Natd now waits with select(2) for buffer space
  to become available if write fails.
- Packet aliasing library upgraded to 2.2.

Submitted by:	Ari Suutari <suutari@iki.fi>
1997-08-10 21:55:52 +00:00
Brian Somers
24084f9bfc Bring natd into main source tree now that the
pppd/natd combination works ok.

Submitted by:	Ari Suutari <ari.suutari@ps.carel.fi>
1997-06-22 04:19:08 +00:00